Requirements

The machine acting as server should have an additional network device. That network device requires a functional data link layer to the machine(s) that are going to receive internet access:

To share internet access with several machines, a switch can provide the data link.

A wireless device can share access to several machines as well; see Software access point first for this case.

If you are sharing to only one machine, a crossover cable is sufficient. If one of the two computers' ethernet cards has MDI-X capability, a crossover cable is not necessary and a regular ethernet cable can be used. Executing ethtool interface | grep MDI as root helps to figure this out.

Configuration

This section assumes that the network device connected to the client computer(s) is named net0 and the network device connected to the internet is named internet0.

Static IP address

On the server computer, assign a static IPv4 address to the interface connected to the other machines. The first 3 bytes of this address cannot be exactly the same as those of another interface, unless both interfaces have netmasks strictly greater than /24.

Warning: If the system uses systemd-networkd to control the network interfaces, a per-interface setting for IPv4 is not possible, i.e. systemd logic propagates any configured forwarding into a global (for all interfaces) setting for IPv4. The advised work-around is to use a firewall to forbid forwarding again on selective interfaces. See the systemd.network(5) manual page for more information.
The IPForward=kernel semantics introduced in a previous systemd release 220/221 to honor kernel settings does not apply anymore.[1][2]
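
A check that fits the warning above, as an added example (not part of the original page): since forwarding ends up enabled for all interfaces, this script lists the devices whose IPv4 forwarding flag is on but which are not net0 or internet0, i.e. the ones that need a firewall rule forbidding forwarding. The function names, the dmz0 and mgmt0 devices and the sample tree are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: report interfaces that forward IPv4 although they are not
# part of the sharing setup (net0 and internet0 are this page's names).

# Print every device under ROOT whose "forwarding" flag is 1.
forwarding_ifaces() {
    root=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$root"/*/; do
        [ -r "${dir}forwarding" ] || continue
        name=$(basename "$dir")
        # "all"/"default" are kernel pseudo-entries; lo is skipped by choice
        case $name in all|default|lo) continue ;; esac
        if [ "$(cat "${dir}forwarding")" = 1 ]; then printf '%s\n' "$name"; fi
    done
    return 0
}

# Print forwarding devices under ROOT that are not in the allowed list.
unexpected_forwarders() {
    root=$1; shift
    for name in $(forwarding_ifaces "$root"); do
        ok=no
        for allowed in "$@"; do
            if [ "$name" = "$allowed" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then printf '%s\n' "$name"; fi
    done
    return 0
}

# Constructed sample tree (not real host state): forwarding was switched on
# globally, so the hypothetical dmz0 forwards too; mgmt0 was set back to 0.
make_sample() {
    d=$(mktemp -d)
    for i in all default lo net0 internet0 dmz0 mgmt0; do
        mkdir "$d/$i"
        echo 1 > "$d/$i/forwarding"
    done
    echo 0 > "$d/mgmt0/forwarding"
    printf '%s\n' "$d"
}

sample=$(make_sample)
unexpected_forwarders "$sample" net0 internet0   # prints: dmz0
rm -rf "$sample"
# On a live host: unexpected_forwarders /proc/sys/net/ipv4/conf net0 internet0
```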

Edit /etc/sysctl.d/30-ipforward.conf to make the previous change persistent after a reboot for all interfaces:

You can find more information on NAT in nftables in the nftables Wiki. If you want to make these changes permanent, follow the instructions on nftables.

Assigning IP addresses to the client PC(s)

If you are planning to regularly have several machines using the internet shared by this machine, then it is a good idea to install a DHCP server, such as dhcpd or dnsmasq. Then configure a DHCP client (e.g. dhcpcd) on every client PC.

Note: This is not an iptables guide. Expanding the chain with iptables -I might skip other important rules; if you need to script an ON/OFF switch for this, use a custom chain with a jump placed carefully in the INPUT chain.

Incoming connections to UDP port 67 have to be allowed for the DHCP server. It is also necessary to allow incoming connections to UDP/TCP port 53 for DNS requests.

Troubleshooting

If you are able to connect the two PCs but cannot send data (for example, if the client PC makes a DHCP request to the server PC, the server PC receives the request and offers an IP to the client, but the client does not accept it, timing out instead), check that you do not have other iptables rules interfering.